Executive Dashboard
- Svetlana Sheptiy
- Andrew Madge
This page applies to Snare Central v8.2.0 and later.
Note: in v8.6.0 the page was renamed from 'Dashboard' to 'Executive Dashboard'.
Overview
Snare Central Executive Dashboard provides System Health indicators and Events Collection statistics, allowing quick and easy access to critical data and quicker response to the emerging issues.
The dashboard uses Green-Orange-Red color scheme for status indicators.
The Dashboard contains the following components:
Snare Central Health Status
Provides color-coded indicators of various Snare Central Health metrics.
Note: when the side menu is expanded, the values in the status cards are hidden.
System Status
Current status of Snare Central Health Checker. Updates every 1 minute.
The Health Checker combines most key aspects of system operation (depending on configuration), including, but not limited to: licensing, key services status, integrity checks, available disk space, Reflector destinations status and more.
Color-coding: green - normal operation, orange - warning, red - error.
Click the System Status card to navigate to Status > Snare Health Checker page for more details.
CPU Usage
CPU Usage percentage averaged across all cores.
Color-coding: green - up to 60%, orange - greater than 60%, red - greater than 80%
Click the CPU Usage card to navigate to Status > System Status page, then click CPU tab for more details.
Event Activity
Average Bytes per Second received during the past 1 minute.
Color-coding: green - normal operation, red - Collector service is not responding.
Click the Event Activity card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.
Archive Usage
Indicates disk and inode usage percentage by Snare Archive.
Color-coding: green - normal operation, up to 80% of disk and/or inode usage, orange - warning, 81-85% of disk usage, or 81-90% of inode usage, red - above 85% of disk usage or above 90% of inode usage.
Note: these thresholds are configurable in Snare Health Checker.
Click the Archive Usage card to navigate to Status > Snare Health Checker page for more details.
Collection and Reflection Statistics
Provides Events Collection and Reflection statistics.
Note: when the side menu is expanded, the values in the status cards are hidden.
Destinations
Number of configured destinations for Snare Reflector.
Snare Reflector has 2 default internal destinations, reflecting to localhost ports 6170 (Snare format) and 6171 (Syslog format).
Additional destinations can be configured to reflect to other servers or 3rd party log analysis tools.
Color-coding: green - normal operation, red - at least one Destination is not reachable.
Click the Destination card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.
Recent Events
Incoming Events per Second. Updates every 1 minute.
Color-coding: green - normal operation, red - Collector service is not responding.
Click the Recent Events card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.
Total Events/24h
Total number of events collected by Snare Central Collector in the past 24 hours, or since last Collector/Reflector restart.
Color-coding: green - normal operation, red - Collector service is not responding.
Click the Total Events/24h card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.
Total Bytes/24h
Total number of bytes collected by Snare Central Collector in the past 24 hours, or since last Collector/Reflector restart.
Color-coding: green - normal operation, red - Collector service is not responding.
Click the Total Bytes/24h card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.
SAM Health Status
Provides color-coded indicators of various Snare Agents Manager (SAM) metrics.
Click 
to open SAM in a new tab
License Allowances
Number of licensed entities.
Color-coding: green - used licenses do not exceed allowance.
Click 
to find more details in Table View
Click 
to close Table View.
License Expiry
Indicates whether there are licenses that are about to expire or have already expired.
Color-coding: green - active license, orange - license is about to expire within the next 30 days, red - license has expired.
Click to find more details in Table View
Click to close Table View.
Support Expiry
Indicates whether license support is about to expire or have already expired.
Color-coding: green - active support, orange - support is about to expire within the next 30 days, red - support has expired.
Click to find more details in Table View
Click to close Table View.
Connected Agents
Number of Snare Agents that have connected to SAM within the last 5 minutes.
% out of all agents known to SAM.
Color-coding: green - all agents are connected, orange - warning: 1 or more unreachable agents.
Not Reachable Agents
Number of Snare Agents that have not connected to SAM within the last 5 minutes.
% out of all agents known to SAM.
Color-coding: green - 0 unreachable agents, orange - warning: 1 or more unreachable agents.
Events or Bytes per second over the last 3 hours
This Line chart shows the number of incoming and outgoing events or bytes per second over the last 3 hours.
Time period can be adjusted between last 10 minutes and last 24 hours by using either a slider or an input field.
Outgoing events are charted by Reflector Destination, labeled in the format of <destination_ip>:<port>
Note: 127.0.0.1:6170 and 127.0.0.1:6171 are special Snare Central internal destinations for Snare and Syslog events respectively.
Click on a destination in the chart legend to toggle its visibility.
Click
to flip between Events per Second and Bytes per Second charts.
Click 
to expand the chart to Full Screen view.
Click 
to exit Full Screen view.
Chart Canvas Controls
Chart canvas controls
Chart canvas controls allow to perform common actions on a displayed chart area:
Zoom Selection - allows to select an area to zoom into. Toggle this button, then click and hold on the area of a chart and drag to the left or to the right to select the area to zoom into.
Zoom Restore - reverts the above zoom selection
Save as Image - allows to download the chart canvas as an image
View Raw Data - displays the chart data in plain text view. Click Return to return to the chart view.
Line Chart - displays the chart as a Line Chart
Bar Chart - displays the chart as a Bar Chart
Stacked - displays data series stacked on top of each other
Tiled - displays each data series separately, relative to 0 (the opposite of Stacked)
Reset - resets all above made changes to the default chart settings.
Note: various charts on the dashboard may have all or some of the above controls depending on the context.
Historical Collection
This Bar chart displays the number of Events and Bytes collected daily by Snare Central over the last 30 days.
From v8.6.0, Historical Collection graph displays additional column for Compressed Bytes, and shows summary of received data volume vs stored compressed data volume, highlighting data storage saving.
Time period can be adjusted from last 7 days to last 365 days, using either a slider or the input field.
Click on a data series in the chart legend to toggle its visibility.
Click to expand the chart to Full Screen view.
Click to exit Full Screen view.
Events Heat Map
This interactive heat map displays the total number of events received over a 15 days period.
Time period can be adjusted from last 7 days to last 60 days, using either a slider or an input field.
The coloured rectangles indicate the number of events received during the 15 minute period relative to the scale shown at the bottom of the graph.
Further details on the number of events received can be ascertained by placing the mouse cursor over the coloured rectangles.
Click a cell in the heat map to explore the events for this 15 minute period.
An interactive pie chart will be displayed showing events distribution by either Log Type or System the event originated from.
Click on a data series in the chart legend to toggle its visibility.
Click on a data series on the pie chart to drill down and view Log Types for the selected System, or Systems for a selected Log Type, displayed on the same pie chart as an outer layer.
Click on a data series on the outer layer of the pie chart to view raw events data in a Table View.
Click on the column header to sort events by this column.
Click on a table row to display the contents of that specific log entry.
Use filters in the table to view events of interest.
Click the arrows 
at the bottom of the component to collapse or expand the Table View and the Pie Chart.
Click to expand the chart to Full Screen view.
Click to exit Full Screen view.
Live Events
Live Events chart displays Bytes and Events per Second collected by Snare Central from latest 10 sources.
The source is indicated by either host name or IP address, depending on its configuration.
This chart refreshes every 2.5 seconds.
Click 
to pause and review the data.
Click 
to resume data refreshing every 2.5 seconds.
Click on a data series in the chart legend to toggle its visibility.
Click 
Events Table to see the incoming events per system and per log type.
Click 
Systems Graph to return to the chart view.
Click to expand the chart or the table to Full Screen view.
Click to exit Full Screen view.
Click the chart area to navigate to Status > Monitor Live Data page for more details.
Scheduled Reports Status
Status of reports executed within the past 7 days or scheduled in the future.
The reports are grouped by the configured report criticality.
Click 
to expand each section and view the details of the reports.
Click 
to collapse the expanded section
Click the report row in the table to navigate to the Report's page.